A new Linux kernel flaw dubbed Dirty Frag (CVE-2026-43284) enables instant root on all major distros. No patches exist after embargo collapsed.
Brazilian banking trojan TCLBanker targets 59 financial platforms using a trojanized Logitech installer. It hijacks WhatsApp Web and Outlook to self-propagate, while WPF overlays facilitate real-time fraud.
Iranian APT MuddyWater hijacked Microsoft Teams to harvest credentials via live screen-sharing, then dropped Chaos ransomware as a false flag to hide espionage. Rapid7 linked the campaign to 36 victims.
Kaspersky uncovered a supply chain attack on DAEMON Tools official website. Trojanized installers deployed QUIC RAT backdoors to thousands of systems, with a dozen government and manufacturing targets receiving advanced payloads.
Security researchers disclosed 12 sandbox escape vulnerabilities in vm2, including three with CVSS 10.0 scores. The popular JavaScript isolation library can no longer be trusted to contain untrusted code.
CVE-2026-6973 lets attackers achieve RCE on Ivanti Endpoint Manager Mobile with admin credentials. CISA added it to KEV with a two-day patch deadline for federal agencies.
Unit 42 links CL-STA-1132 to Chinese state-sponsored actors exploiting CVE-2026-0300 for espionage. IOCs and attack timeline revealed after a month of active exploitation.
CVE-2026-27960 in OpenCTI 6.6.0-6.9.12 allows unauthenticated API access as any user, including admin. Upgrade to 6.9.13 or disable the default admin account.
CVE-2026-23918 in Apache 2.4.66 lets attackers crash servers or achieve code execution with just two HTTP/2 frames. Upgrade to 2.4.67 immediately.
CVE-2026-0300 allows unauthenticated attackers to execute code as root on PA-Series and VM-Series firewalls. Patches coming May 13—here's how to mitigate now.
Learn about ransomware, phishing, malware, and essential online safety practices.
Curated books, tools, and resources to deepen your cybersecurity knowledge.
Get the latest cybersecurity news delivered to your inbox.